vfs: Pass data, ns, and ns->userns to mount_ns

[deliverable/linux.git] / fs / super.c

diff --git a/fs/super.c b/fs/super.c
index d78b9847e6cbc63f0f74231cf58519a98e38a35d..fd65667832e568bce0aa1c133031297bb02dc255 100644 (file)
--- a/fs/super.c
+++ b/fs/super.c
@@ -918,12 +918,19 @@ static int ns_set_super(struct super_block *sb, void *data)
        return set_anon_super(sb, NULL);
 }
 
-struct dentry *mount_ns(struct file_system_type *fs_type, int flags,
-       void *data, int (*fill_super)(struct super_block *, void *, int))
+struct dentry *mount_ns(struct file_system_type *fs_type,
+       int flags, void *data, void *ns, struct user_namespace *user_ns,
+       int (*fill_super)(struct super_block *, void *, int))
 {
        struct super_block *sb;
 
-       sb = sget(fs_type, ns_test_super, ns_set_super, flags, data);
+       /* Don't allow mounting unless the caller has CAP_SYS_ADMIN
+        * over the namespace.
+        */
+       if (!(flags & MS_KERNMOUNT) && !ns_capable(user_ns, CAP_SYS_ADMIN))
+               return ERR_PTR(-EPERM);
+
+       sb = sget(fs_type, ns_test_super, ns_set_super, flags, ns);
        if (IS_ERR(sb))
                return ERR_CAST(sb);